This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
Closed 1 year ago.
$servername = "localhost";
$username = "csc4370FA14_18";
$password = "1db23";
$dbname = "csc4370FA14_18";
$conn = mysqli_connect($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$username_login = $_POST["username"];
$password_login = $_POST["pw"];
$query2 = mysql_query("SELECT * FROM users WHERE name='$username_login'");
$numrow = mysql_num_rows($query2);
if ($numrow != 0) {
while ($row = mysql_fetch_assoc($query2)) {
$dbusername = $row['name'];
$dbpassword = $row['password'];
}
// Check to see if username and password match
if ($username_login==$dbusername && $password_login==$dbpassword) {
echo "You are in";
}
else {
echo "Sorry $username_login. Incorrect password!";
}
}
This is the code I am using to check if a user matches the password (same row) in a table.
I am getting the error:
Warning: mysql_query(): Access denied for user 'apache'#'localhost'
(using password: NO) in
/home/csc4370FA14_18/public_html/program/assignments/group
project3/login.php on line 14 Warning: mysql_query(): A link to the
server could not be established in
/home/csc4370FA14_18/public_html/program/assignments/group
project3/login.php on line 14 Warning: mysql_num_rows() expects
parameter 1 to be resource, boolean given in
/home/csc4370FA14_18/public_html/program/assignments/group
project3/login.php on line 15
I have not a clue why this might be incorrect as the login credentials, etc work fine. I think it has something to do with mysqli, but I don't have a very good grasp of this versus the mysql_* functions. I know for a fact this is the correct connect info.
Try this code.
$servername = "localhost";
$username = "csc4370FA14_18";
$password = "1db23";
$dbname = "csc4370FA14_18";
$conn = mysqli_connect($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$username_login = $_POST["username"];
$password_login = $_POST["pw"];
$query2 = mysqli_query($conn,"SELECT * FROM users WHERE name='$username_login'");
$numrow = mysqli_num_rows($query2);
if ($numrow != 0) {
while ($row = mysqli_fetch_assoc($query2)) {
$dbusername = $row['name'];
$dbpassword = $row['password'];
}
// Check to see if username and password match
if ($username_login==$dbusername && $password_login==$dbpassword) {
echo "You are in";
}
else {
echo "Sorry $username_login. Incorrect password!";
}
}
Related
Still loggin in even if the username and password is incorrect and also logins even if the value is null
<?php
$hostname = "localhost";
$username = "root";
$password = "";
$dbname = "login";
$conn = mysqli_connect($hostname, $username, $password, $dbname);
if (!$conn) {
die ("unable to connect");
}
if ($_POST) {
$uname = $_POST ["username"];
$pass = $_POST ["password"];
$sql = "SELECT * FROM users WHERE username = '$uname' AND password = '$pass' LIMIT 1 ";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) == 1){
include("graph.php");
} else {
echo "Incorrect";
}
}
?>
First of all and very important it that you are open to SQL Injection attack, so you should use prepared statements, here is how should use your code, but instead of echo "Incorrect"; you should render different answer for each case:
<?php
$hostname = "localhost";
$username = "root";
$password = "";
$dbname = "login";
$conn = mysqli_connect($hostname, $username, $password, $dbname);
if (!$conn) {
die ("unable to connect");
}
if (isset($_POST["username"]) && isset($_POST["password"])) { // Check if you have posted data via POST
$uname = $_POST["username"];
$pass = $_POST["password"];
$sql = "SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1 ";
if($stmt = $conn->prepare($sql)) { // Check for MySQL errors
$stmt->bind_param('ss', $uname, $pass);
if ($stmt->execute()) {
$stmt->close();
include("graph.php");
} else { // There is a problem with your SELECT // bind params
echo "Incorrect";
}
} else { // You should handle mysql errors here
echo "Incorrect";
}
} else { // You don't have POST data
echo "Incorrect";
}
?>
Prepared statements
Like #Kuya notice you have and many other problems, there is a lot of tutorials in Google about implementation of login system.
You must check the post request with isset() in php like this :
<?php
if (isset($_POST["username"] && isset($_POST["password"]))) {
//..... Your code here
}else {
echo "Incorrect password or username";
}
?>
This question already has answers here:
Using PHP 5.5's password_hash and password_verify function
(4 answers)
Closed 3 years ago.
I have been trying to figure out this problem for about 2 months and can't seem to figure it out. I have a database that returns the hashed password. I can confirm this works due to printing out all the information. It can return the non-hashed and hashed password perfectly fine but when it checks the password it will always return false.
I am not sure what to do. It could be something really easy but I seem to not be able to find it.
<?php
session_start();
$dbip = "localhost";
$dbuser = "root";
$dbpass = "";
$dbname = "projectNitro";
$conn = new mysqli($dbip, $dbuser, $dbpass, $dbname);
if($conn->connect_error) {
echo("Connection failed: " . $conn->connect_error);
}
$password = mysqli_real_escape_string($conn, $_GET["pass"]);
$email = mysqli_real_escape_string($conn, $_GET["email"]);
$sql = "SELECT * FROM users WHERE email='{$email}' LIMIT 1";
$query = mysqli_query($conn, $sql);
$pass = $_GET["pass"];
if($query == TRUE) {
$row = mysqli_fetch_array($query);
$db_password = $row['password'];
$db_usertype = $row['accountType'];
$username = $row['username'];
echo $password;
echo "<br>";
echo $db_password;
echo "<br>";
$verify = password_verify($pass, $db_password);
if($verify) {
$_SESSION['username'] = $username;
$_SESSION['at'] = $db_usertype;
header("Location: http://website.com");
} else {
echo("DB Email: "
.$row["email"]
."<br>Username: "
.$row["username"]
."<br>DB Password: "
.$row["password"]
."<br>AccountType: "
.$row["accountType"]
."<br>Inserted Email: "
.$_GET["email"]
."<br>Inserted Password: "
.$_GET["pass"]."<br>");
if(password_verify($_GET["pass"], $row["password"])) {
echo("epic<br>");
} else {
echo("not epic<br>");
}
}
} else {
header("Location: http://website.com");
}
$conn->close();
?>
You need to do baby steps. keep stepping up as long as it works.
Here is a simpler version of your code that should work with the password sample from the official doc: http://php.net/manual/en/function.password-verify.php
Also use die(); to debug your code in every {} block.
In your current code you redirect to a website in both cases it's really hard to track what is wrong if you are redirected!
You have useless and unclear variables, for instance $dbpass, $db_password is very ambiguous, even if you and I understand it makes it not maintainable. As well as your coding style, you need to indent!
The next step you need to check if this code works, is replace the hard coded password with a hard coded password you have with hard coded hash as well.
<?php
session_start();
$dbip = "localhost";
$dbuser = "root";
$dbpass = "";
$dbname = "projectNitro";
$conn = new mysqli($dbip, $dbuser, $dbpass, $dbname);
if ($conn->connect_error){
echo("Connection failed: " . $conn->connect_error) . '<br><br>';
}
$password = 'rasmuslerdorf';//mysqli_real_escape_string($conn, $_GET["pass"]);
// $email = mysqli_real_escape_string($conn, $_GET["email"]);
// $sql = "SELECT * FROM users WHERE email='{$email}' LIMIT 1";
// $query = mysqli_query($conn, $sql);
// $pass = $_GET["pass"];
// if ($query == TRUE) {
// $row = mysqli_fetch_array($query);
$db_password = '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';
// $username = $row['username'];
echo $password;
echo "<br>";
echo $db_password;
echo "<br>";
if (password_verify($password, $db_password)) {
die('ok');
} else {
die('not ok');
}
// } else {
// header("Location: http://website.com");
// }
$conn->close();
?>
Here I modified slightly and added a few comments along the code to help you understand the approach.
<?php
session_start();
// This array is used only like a simple namespace.
$dbCredentials = [
'host' => "localhost",
'user' => "root",
'password' => "",
'dbname' => "projectNitro"
];
$dbConn = new mysqli($dbCredentials['host'], $dbCredentials['user'], $dbCredentials['password'], $dbCredentials['dbname']);
if ($dbConn->connect_error) {
// Should not continue script if can't connect to DB.
die("Connection failed: " . $dbConn->dbConnect_error);
}
// You should check the existence of $_GET["pass"] before using it, with empty() or isset().
$passwordToCheck = mysqli_real_escape_string($dbConn, $_GET["pass"]);// Renamed var more meaningful.
$userEmail = mysqli_real_escape_string($dbConn, $_GET["email"]);
$sql = "SELECT * FROM users WHERE email='{$userEmail}' LIMIT 1";// Don't select * if you don't need everything.
$query = mysqli_query($dbConn, $sql);
$pass = $_GET["pass"];// you already have $passwordToCheck.
if ($query) {// Don't need == TRUE
// $row = mysqli_fetch_array($query);
$db_password = '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';
$username = $row['username'];
echo "$passwordToCheck<br>$db_password<br>";// This is way less verbose than repeating echo and uses less echo functions.
if (password_verify($passwordToCheck, $db_password)) {// Don't need to keep this condition in a variable.
die('ok');// this is just an example to test.
} else {
die('not ok');// this is just an example to test.
}
} else {
header("Location: http://website.com");// While debugging don't redirect, put die('message');
}
$dbConn->close();
?>
This question already has answers here:
mysqli_real_escape_string() expects exactly 2 parameters, 1 given
(5 answers)
Closed 1 year ago.
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1
given in C:\xampp\htdocs\login2\login.php on line 28
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1
given in C:\xampp\htdocs\login2\login.php on line 29
Warning: mysqli_select_db() expects parameter 1 to be mysqli, string
given in C:\xampp\htdocs\login2\login.php on line 31
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result,
string given in C:\xampp\htdocs\login2\login.php on line 35
Can anybody help me figure it out?
here is my code below.
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "server1";
// Create connection
$conn = new mysqli($servername, $username, $password,$dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// To protect mysqli injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($username);
$password = mysqli_real_escape_string($password);
// Selecting Database
$db = mysqli_select_db("server1", $conn);
// SQL query to fetch information of registerd users and finds user match.
$query = "select * from account where password='$password' AND username='$username'";
$result = mysqli_query($conn, $query) or trigger_error("Query Failed! SQL: $query - Error: ". mysqli_error($mysqli), E_USER_ERROR);;
$rows = mysqli_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
mysqli_close($conn); // Closing Connection
}
}
?>
You can use both procedural style or object oriented style. Since object oriented approach is more encouraged I'll show that.
...
$username = $conn->real_escape_string($username);
$password = $conn->real_escape_string($password);
...
$db = $conn->select_db("server1"); //redundant line
...
$result = $conn->query( $query)
$rows = $conn->num_rows($query);
...
$conn->close();
And all that was needed to solve this was checking the documentation properly http://php.net/docs.php
Please check Syntax of mysqli_real_escape_string
You need to mention the $con variable as well:
$username = mysqli_real_escape_string($con, $username);
$password = mysqli_real_escape_string($con, $password);
Also, you're already specifying your database in this line:
$conn = new mysqli($servername, $username, $password,$dbname);
So, this below line is redundant. You should just remove this:
$db = mysqli_select_db("server1", $conn);
This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
Closed 7 years ago.
When I execute the following code, I gets this error:
Warning: mysql_num_rows() expects parameter 1 to be resource, object given in C:\wamp\www\my\myWork.php on line 53
Whats the wrong with this code?
<?php
if(isset($_POST['login']))
{
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "Begin";
$uName = $_POST["txtUsername"];
$uPwd = $_POST["txtPwd"];
echo "Your Username is: ".$uName."<br>";
echo "Your password is: ".$uPwd."<br>";
$conn = mysqli_connect($servername, $username, $password, $dbname);
if(!$conn)
die("Connection faild: " . mysqli_connect_error());
$sql = "SELECT firstname from myguests WHERE firstname = '$uName'";
$result = $conn->query($sql);
if(mysql_num_rows($result) > 0)
{
echo "You have a login";
$_SESSION['uname'] = $uName;
}
else
echo "You don't have a login";
}
?>
I believe that because you are using mysqli_connect that you need to use the mysqli_query($conn,$sql) notation.
Try this:
$result = mysqli_query($conn,$sql)
if(mysqli_num_rows($result) > 0)
This question already has answers here:
Single result from database using mysqli
(6 answers)
Closed 1 year ago.
I know how to search using mysqli to find if there is at least one match. How do I go about retrieving another value from a found row. It must just require changing 1 or 2 things.
Imagine I have the following DB:
ID | emailaddress | password
1 | dummy#email.com | DUMB1PASS
2 | second#email.com | DUMB2Pass
I can use the following code to verify if the the email address "dummy#email.com" exists. How would I look up the password associated with that row (i.e. the row containing dummy#email.com).
$email = "dummy#email.com";
$servername = "correct"; $username = "correct"; $DBpass = "correct"; $dbname = "correct";
$conn = new mysqli($servername, $username, $DBpass, $dbname);
if ($conn->connect_error)
{
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT emailaddress FROM registration WHERE emailaddress = '$email'";
$result = $conn->query($sql);
if ($result->num_rows > 0)
{
echo "we found a match";
}
else
{
echo "we did not find a match";
}
I imagine I can do something like:
$email = "dummy#email.com";
$servername = "correct"; $username = "correct"; $DBpass = "correct"; $dbname = "correct";
$conn = new mysqli($servername, $username, $DBpass, $dbname);
if ($conn->connect_error)
{
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT password FROM registration WHERE emailaddress = '$email'";
$result = $conn->query($sql);
if ($result->num_rows > 0)
{
echo "the value is '$result'";
}
else
{
echo "we did not find a match";
}
However, it produces this error:
Catchable fatal error: Object of class mysqli_result could not be converted to string in MYPAGE on line XX.
I think that the cause of this is likely that $result is an array or something. However, I don't know enough about sql/php to know if that is the problem, or how to pull the result from it if it is the case.
I'd really appreciate any help.
You need to fetch the row first, try this:
if ($result->num_rows) {
$row = $result->fetch_row();
echo 'the value is: ', $row[0];
}